blast in TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; fix error/warning with ec.h and txBigInt

Author: phoddie

modules/crypt/arith/ecp.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2017  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
  * 
@@ -74,6 +74,14 @@ export default class ECPoint {
 			return new ECPoint(a[0], a[1], a[2]);
 		}
 	};
+	static fromOctetString(os) {
+		if (os[0] != 0x04)
+			throw new Error("unsupported format");
+		let flen = (os.length - 1) / 2;
+		let x = BigInt.fromArrayBuffer(os.slice(1, 1 + flen).buffer);
+		let y = BigInt.fromArrayBuffer(os.slice(1 + flen, os.length).buffer);
+		return new ECPoint(x, y);
+	}
 };
 
 Object.freeze(ECPoint.prototype);

modules/crypt/arith/xsBigIntEx.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2017  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
  * 
@@ -36,7 +36,9 @@
  */
 
 #ifndef __XSALL__
-typedef void txBigInt;
+typedef struct {
+	txU4 opaque;
+}  txBigInt;
 typedef xsBooleanValue txBoolean;
 
 extern void fxBigInt_setBigInt(xsSlot *slot, txBigInt *a);

modules/crypt/etc/ber.js

@@ -1,23 +1,23 @@
 /*
- * Copyright (c) 2016-2020  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
- * 
+ *
  *   The Moddable SDK Runtime is free software: you can redistribute it and/or modify
  *   it under the terms of the GNU Lesser General Public License as published by
  *   the Free Software Foundation, either version 3 of the License, or
  *   (at your option) any later version.
- * 
+ *
  *   The Moddable SDK Runtime is distributed in the hope that it will be useful,
  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *   GNU Lesser General Public License for more details.
- * 
+ *
  *   You should have received a copy of the GNU Lesser General Public License
  *   along with the Moddable SDK Runtime.  If not, see <http://www.gnu.org/licenses/>.
  *
- * This file incorporates work covered by the following copyright and  
- * permission notice:  
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
  *
  *       Copyright (C) 2010-2016 Marvell International Ltd.
  *       Copyright (C) 2002-2010 Kinoma, Inc.
@@ -108,16 +108,13 @@ export default class BER {
 		return this.getChunk(this.getLength());
 	};
 	getObjectIdentifier() {
-		if (this.getTag() != 0x06)
+		if (this.getTag() !== 0x06)
 			throw new Error("BER: not an object identifier");
 		return this._getObjectIdentifier(this.getLength())
 	}
 	_getObjectIdentifier(len) {
-		let oid = [];
 		let i = this.#a[this.#i++];
-		let rem = i % 40;
-		oid.push((i - rem) / 40);
-		oid.push(rem);
+		let oid = [Math.idiv(i, 40), Math.irem(i, 40)];
 		--len;
 		while (len > 0) {
 			let v = 0;

modules/crypt/etc/dsa.js

@@ -1,23 +1,23 @@
 /*
- * Copyright (c) 2016-2017  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
- * 
+ *
  *   The Moddable SDK Runtime is free software: you can redistribute it and/or modify
  *   it under the terms of the GNU Lesser General Public License as published by
  *   the Free Software Foundation, either version 3 of the License, or
  *   (at your option) any later version.
- * 
+ *
  *   The Moddable SDK Runtime is distributed in the hope that it will be useful,
  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *   GNU Lesser General Public License for more details.
- * 
+ *
  *   You should have received a copy of the GNU Lesser General Public License
  *   along with the Moddable SDK Runtime.  If not, see <http://www.gnu.org/licenses/>.
  *
- * This file incorporates work covered by the following copyright and  
- * permission notice:  
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
  *
  *       Copyright (C) 2010-2016 Marvell International Ltd.
  *       Copyright (C) 2002-2010 Kinoma, Inc.
@@ -36,7 +36,8 @@
  */
 
 import Crypt from "crypt";
-import Mont from "mont"
+import Mont from "mont";
+import BER from "ber";
 
 export default class DSA {
 	constructor(key, priv) {
@@ -61,10 +62,15 @@ export default class DSA {
 		sig.s = s;
 		return sig;
 	};
-	sign(H) {
-		var sig = this._sign(H);
-		var os = new ArrayBuffer();
-		return os.concat(Crypt.PKCS1.I2OSP(sig.r, 20), Crypt.PKCS1.I2OSP(sig.s, 20));
+	sign(H, asn1) {
+		if (asn1) {
+			return BER.encode([0x30, [0x02, sig.r], [0x02, sig.s]]);
+		}
+		else {
+			var sig = this._sign(H);
+			var os = new ArrayBuffer();
+			return os.concat(Crypt.PKCS1.I2OSP(sig.r, 20), Crypt.PKCS1.I2OSP(sig.s, 20));
+		}
 	};
 	_verify(H, r, s) {
 		// w = 1/s mod q
@@ -82,10 +88,19 @@ export default class DSA {
 		var v = q.mod(p.exp2(g, u1, y, u2));
 		return this.comp(v, r) == 0;
 	};
-	verify(H, sig) {
-		// "20" is specified in the xmldsig-core spec.
-		var r = Crypt.PKCS1.OS2IP(sig.slice(0, 20));
-		var s = Crypt.PKCS1.OS2IP(sig.slice(20, 40));
+	verify(H, sig, asn1) {
+		var r, s;
+		if (asn1) {
+			let ber = new BER(sig);
+			let seq = new BER(ber.getSequence());
+			r = seq.getInteger();
+			s = seq.getInteger();
+		}
+		else {
+			// "20" is specified in the xmldsig-core spec.
+			r = Crypt.PKCS1.OS2IP(sig.slice(0, 20));
+			s = Crypt.PKCS1.OS2IP(sig.slice(20, 40));
+		}
 		return(this._verify(H, r, s));
 	};
 };

modules/crypt/etc/ecdsa.js

@@ -1,23 +1,23 @@
 /*
- * Copyright (c) 2016-2017  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
- * 
+ *
  *   The Moddable SDK Runtime is free software: you can redistribute it and/or modify
  *   it under the terms of the GNU Lesser General Public License as published by
  *   the Free Software Foundation, either version 3 of the License, or
  *   (at your option) any later version.
- * 
+ *
  *   The Moddable SDK Runtime is distributed in the hope that it will be useful,
  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *   GNU Lesser General Public License for more details.
- * 
+ *
  *   You should have received a copy of the GNU Lesser General Public License
  *   along with the Moddable SDK Runtime.  If not, see <http://www.gnu.org/licenses/>.
  *
- * This file incorporates work covered by the following copyright and  
- * permission notice:  
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
  *
  *       Copyright (C) 2010-2016 Marvell International Ltd.
  *       Copyright (C) 2002-2010 Kinoma, Inc.
@@ -39,15 +39,17 @@ import RNG from "rng";
 import PKCS1 from "pkcs1";
 import Mont from "mont";
 import EC from "ec";
+import Curve from "curve";
+import BER from "ber";
 
 export default class ECDSA {
-	constructor(key, priv) {
-		this.u = priv ? key.du: key.Qu;
-		this.G = key.G;
-		this.orderSize = (BigInt.bitLength(key.n) + 7) >>> 3;
-		this.n = new Mont({m: key.n});
-		this.ec = new EC(key.a, key.b, key.p);
-		this.k = key.k;		// just for the debugging purpose
+	constructor(key, curve, priv) {
+		this.u = key;
+		this.G = curve.G;
+		this.orderSize = curve.orderSize;
+		this.n = new Mont({m: curve.n});
+		this.ec = curve.ec;
+		this.k = curve.k;	// just for a debugging purpose
 	};
 	_sign(H) {
 		// (r, s) = (k*G, (e + du*r) / k)
@@ -69,11 +71,16 @@ export default class ECDSA {
 		sig.s = s;
 		return sig;
 	};
-	sign(H) {
-		var sig = this._sign(H);
-		var os = new ArrayBuffer();
-		var l = this.orderSize;
-		return os.concat(PKCS1.I2OSP(sig.r, l), PKCS1.I2OSP(sig.s, l));
+	sign(H, asn1) {
+		if (asn1) {
+			return BER.encode([0x30, [0x02, sig.r], [0x02, sig.s]]);
+		}
+		else {
+			var sig = this._sign(H);
+			var os = new ArrayBuffer();
+			var l = this.orderSize;
+			return os.concat(PKCS1.I2OSP(sig.r, l), PKCS1.I2OSP(sig.s, l));
+		}
 	};
 	_verify(H, r, s) {
 		// u1 = e / s
@@ -90,13 +97,22 @@ export default class ECDSA {
 		var u2 = n.mul(r, s_inv);
 		// var R = ec.add(ec.mul(G, u1), ec.mul(Qu, u2));
 		var R = ec.mul2(G, u1, Qu, u2);
-		return R.X === r;
+		return R.X == r;
 
 	};
-	verify(H, sig) {
-		var l = this.orderSize;
-		var r = PKCS1.OS2IP(sig.slice(0, l));
-		var s = PKCS1.OS2IP(sig.slice(l, l*2));
+	verify(H, sig, asn1) {
+		var r, s;
+		if (asn1) {
+			let ber = new BER(sig);
+			let seq = new BER(ber.getSequence());
+			r = seq.getInteger();
+			s = seq.getInteger();
+		}
+		else {
+			let l = this.orderSize;
+			r = PKCS1.OS2IP(sig.slice(0, l));
+			s = PKCS1.OS2IP(sig.slice(l, l*2));
+		}
 		return this._verify(H, r, s);
 	};
 	static randint(max) {

modules/crypt/etc/hmac.js

@@ -1,23 +1,23 @@
 /*
- * Copyright (c) 2016-2017  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
- * 
+ *
  *   The Moddable SDK Runtime is free software: you can redistribute it and/or modify
  *   it under the terms of the GNU Lesser General Public License as published by
  *   the Free Software Foundation, either version 3 of the License, or
  *   (at your option) any later version.
- * 
+ *
  *   The Moddable SDK Runtime is distributed in the hope that it will be useful,
  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *   GNU Lesser General Public License for more details.
- * 
+ *
  *   You should have received a copy of the GNU Lesser General Public License
  *   along with the Moddable SDK Runtime.  If not, see <http://www.gnu.org/licenses/>.
  *
- * This file incorporates work covered by the following copyright and  
- * permission notice:  
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
  *
  *       Copyright (C) 2010-2016 Marvell International Ltd.
  *       Copyright (C) 2002-2010 Kinoma, Inc.
@@ -44,30 +44,30 @@ export default class HMAC {
 		this.hashLen = bitlen >> 3;	// in byte
 	};
 	init(key) {
-		var arr = new Uint8Array(key);
-		var h = this.h;
-		if (arr.length > h.blockSize) {
+		const h = this.h;
+		if (key.byteLength > h.blockSize) {
 			// truncate the key
 			h.reset();
 			h.write(key);
-			arr = new Uint8Array(h.close());
+			key = new Uint8Array(h.close());
 		}
-		var n = h.blockSize;
-		var l = arr.length;
-		this.ipad = new Uint8Array(n);
-		this.opad = new Uint8Array(n);
-		if (l > n)
-			l = n;
-		var i = 0;
-		for (; i < l; i++) {
-			var c = arr[i];
-			this.ipad[i] = c ^ 0x36;
-			this.opad[i] = c ^ 0x5c;
+		else {
+			key = new Uint8Array(key);
 		}
-		for (; i < n; i++) {
-			this.ipad[i] = 0x36;
-			this.opad[i] = 0x5c;
+
+		this.ipad = new Uint8Array(h.blockSize);
+		this.opad = new Uint8Array(h.blockSize);
+
+		let l = key.length;
+		if (l > h.blockSize)
+			l = h.blockSize;
+		let i = 0;
+		for (; i < l; i++) {
+			this.ipad[i] = key[i] ^ 0x36;
+			this.opad[i] = key[i] ^ 0x5c;
 		}
+		this.ipad.fill(0x36, i);
+		this.opad.fill(0x5c, i);
 		h.reset();
 		h.write(this.ipad.buffer);
 	};

modules/crypt/etc/pkcs8.js

@@ -1,23 +1,23 @@
 /*
- * Copyright (c) 2016-2017  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
- * 
+ *
  *   The Moddable SDK Runtime is free software: you can redistribute it and/or modify
  *   it under the terms of the GNU Lesser General Public License as published by
  *   the Free Software Foundation, either version 3 of the License, or
  *   (at your option) any later version.
- * 
+ *
  *   The Moddable SDK Runtime is distributed in the hope that it will be useful,
  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *   GNU Lesser General Public License for more details.
- * 
+ *
  *   You should have received a copy of the GNU Lesser General Public License
  *   along with the Moddable SDK Runtime.  If not, see <http://www.gnu.org/licenses/>.
  *
- * This file incorporates work covered by the following copyright and  
- * permission notice:  
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
  *
  *       Copyright (C) 2010-2016 Marvell International Ltd.
  *       Copyright (C) 2002-2010 Kinoma, Inc.

modules/crypt/etc/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2017  Moddable Tech, Inc.
+ * Copyright (c) 2016-2021  Moddable Tech, Inc.
  *
  *   This file is part of the Moddable SDK Runtime.
  *